The popularity of Google's mobile operating system continues to increase, but at the same time, different vectors are emerging that raise serious concerns for users. Trevor's incident and Carrier IQ Eckhart exploded two weeks ago was only the tip of the iceberg. Now a group of researchers from the University of North Carolina have discovered a significant number of vulnerabilities in the settings "default" Android phones available from brands such as HTC, Motorola and Samsung, but that could well affect every Android device with factory-installed applications.
About two weeks ago, researchers discovered that Eckhart Trevor Carrier IQ company dedicated to creating software in order to collect statistical information that allows both manufacturers and providers of data to improve its services, was a little beyond "statistics" to record virtually everything the user does on his mobile phone from dialing until you press the same buttons on the phone, courtesy of a rootkit that in addition to failing to report its existence to the user, can not be interrupted or eliminated by conventional means. Carrier IQ Eckhart tried to get close to with a letter "cease and desist", but a brief statement of the Electronic Frontier Foundation that Carrier IQ did bite his tongue and issue an official apology. Effects of Carrier IQ software can be explored in a video posted on YouTube Eckhart on 28 November ... and it is chilling.
As if that were not enough, recently a group of researchers from the University of North Carolina found that the settings "base" of several popular Android-based phones have vulnerabilities that theoretically would allow untrusted applications to access elevated privileges. The tests were performed on three HTC phones (EVO 4G, Wildfire S and Legend), two Motorola phones (Droid and Droid X) and both the Nexus One as the Nexus S. In the case of devices Google, acknowledged that security breaches were "minor," and both Google and Motorola have admitted vulnerabilities, but not so with HTC and Samsung. Faults are divided into two categories: explicit, in which an application can take advantage of unreliable service or public interface of another application without asking permission, and implied that allow an application to inherit permissions from another using the same digital certificate.
The study focused on thirteen permits privilege "sensitive", that misuse may disclose user information such as contact list or current, and found that eleven of the thirteen permits were filtered by preinstalled applications. The EVO 4G HTC proved to be a loophole, with eight vulnerabilities. In other words, all that is needed is an application tailored to take advantage of these holes in applications preinstalled to wreak havoc on the information (and privacy) of the user. It is not pleasant reading for any user of Android, and imagine that there are some patches on the road, but if anyone needed a reason to "root" your phone and remove all the garbage that came preinstalled from the factory, it is definitely this.
About two weeks ago, researchers discovered that Eckhart Trevor Carrier IQ company dedicated to creating software in order to collect statistical information that allows both manufacturers and providers of data to improve its services, was a little beyond "statistics" to record virtually everything the user does on his mobile phone from dialing until you press the same buttons on the phone, courtesy of a rootkit that in addition to failing to report its existence to the user, can not be interrupted or eliminated by conventional means. Carrier IQ Eckhart tried to get close to with a letter "cease and desist", but a brief statement of the Electronic Frontier Foundation that Carrier IQ did bite his tongue and issue an official apology. Effects of Carrier IQ software can be explored in a video posted on YouTube Eckhart on 28 November ... and it is chilling.
As if that were not enough, recently a group of researchers from the University of North Carolina found that the settings "base" of several popular Android-based phones have vulnerabilities that theoretically would allow untrusted applications to access elevated privileges. The tests were performed on three HTC phones (EVO 4G, Wildfire S and Legend), two Motorola phones (Droid and Droid X) and both the Nexus One as the Nexus S. In the case of devices Google, acknowledged that security breaches were "minor," and both Google and Motorola have admitted vulnerabilities, but not so with HTC and Samsung. Faults are divided into two categories: explicit, in which an application can take advantage of unreliable service or public interface of another application without asking permission, and implied that allow an application to inherit permissions from another using the same digital certificate.
The study focused on thirteen permits privilege "sensitive", that misuse may disclose user information such as contact list or current, and found that eleven of the thirteen permits were filtered by preinstalled applications. The EVO 4G HTC proved to be a loophole, with eight vulnerabilities. In other words, all that is needed is an application tailored to take advantage of these holes in applications preinstalled to wreak havoc on the information (and privacy) of the user. It is not pleasant reading for any user of Android, and imagine that there are some patches on the road, but if anyone needed a reason to "root" your phone and remove all the garbage that came preinstalled from the factory, it is definitely this.
